| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Kernel Elevation of Privilege Vulnerability |
| Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| Windows Win32k Elevation of Privilege Vulnerability |
| Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability |
| Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
| Windows GDI Elevation of Privilege Vulnerability |
| Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability.
This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order.
Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support. |
| Windows Security Zone Mapping Security Feature Bypass Vulnerability |
| Windows Network Address Translation (NAT) Remote Code Execution Vulnerability |
| Microsoft Management Console Remote Code Execution Vulnerability |
| Windows Storage Elevation of Privilege Vulnerability |
| Windows Graphics Component Elevation of Privilege Vulnerability |
| Windows Hyper-V Denial of Service Vulnerability |
| Microsoft Excel Elevation of Privilege Vulnerability |
| Microsoft Office Visio Remote Code Execution Vulnerability |
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. |
